Project updates (Logbook style)

Note: The report is being written from the first day this project started in order to have introductory and design parts ready by the final phase of the project

From 15 June To 01 July 2009

Software development took place using PHP, SQL and in some parts javascript.
Algorithms designed

From 02 July to 10 July 2009

Primary Testing was conducted

Problems with the code that occured were listed and addressed

Problems:

User was able not to select any passkeys and therefore was able to login with empty passkey selection FIXED

There was no minimum passkeys that the user had to choose FIXED

Randomisation algorithm developed in order to show random keys to the user from the passkey library

From 11 July to 20 July 2009

Selection of Passkeys has being made and Passkeys library created.

The Questionairres are under development. Areas of the system that will be addressed are investigated.

From 21 July to 01 August 2009
This is the time when the Questionaires were really created.

Software is ready for the experiment

Questionaires are nearly taking their final form

From 02 August to Present

15 People were contacted in order to take part in the experiment (names and details will be available here as soon as the list is typed)

My laptop will be used for the experiment where participants will be introduced and asked to use the system. Due to lack of portability the system uploaded to a website and the questionaire decided to take place online!

Monday 03 August 2009
- 4 more people that would like to get involved in the experiment replied positively! (Total 19 participants)
Some preliminary thoughts and some relevant discussion with some of the participants was made
Those who have web or programming skills mentioned some security risks of the system.
These drawbacks were already mentioned in the proposal. (Brute force attacks, permutations, intersection)These have to be analysed in the report for sure
Some measures that could be taken were proposed. These have to be criticized in the report along with the results of the surveys after the use of the system

- Scheduling the experiment and how it will be conducted
Two phases:
1) Pilot phase (first Week of August)
2) Main Experiment (second Week of August)

11 August 2009
Experiment started! 12:49 12 August 2009 So far 14 participants used the system and replied to questionaire!17:05 12 August 2009 The minimum number of participants reached 20!! More to go. Facebook, twitter and emails are used in order to find new participants.20:08 12 August 2009 27 people replied to the questionnaire!21:45 12 August 2009 30 people used the system and completed the survey!12:08 13 August 2009 Participation climbed to 5218:29 13 August 2009 60 people have used the system and replied to our survey. Expecting more by the time the experiment will stop. (Deadline is tomorrow afternoon when analysis of the results will start)19:58 13 August 2009 So far 66 people completed the survey!21:23 13 August 2009 New record acheived! The 70th participant just completed the survey!22:14 13 August 2009 Number of participants is now 79!

14 August 2009
Results taken and very brief analysis was made.
First view conlcusions were made!

21 August 2009
Analysis of the results is being made.
Some conclusions can be made about the system.

22 August 2009 to 27 August 2009
In depth analysis of the results section by section:

Usability

Ease of Use

Pass Key Selection

Time consumption

Failure Scenarios

Other

28 August 2009
Analysis of the results are being written in the report...
Chapter 7 takes longer than it was expected due to comparison made with text based authentication systems as well as looking for similarities or contradictions to other systems such as H-IBAS-H, Awase-E, Deja Vu, which more or less are based on the same manner as ColourAuth.

31 August 2009

Significant conclusion has been made: Authentication systems that make use of colour based keys are not relying exclusively on recognition. They rely on both recognition and recall! This leads to the finding that a combination of the two methods in authentication could lead to a very secure and usability successfull authentication system.

Draft of the report is ready. Revision and Corrections are going to be made.

01 September 2009 to 03 September 2009
Syntax errors in document are being corrected
Tables and charts are being optimised in the appendix

04 September 2009
Analysis of the results draft sent to supervisor
All the responses from esurveyspro.com printed, as evidence of conduct of the experiment

06 September 2009 to 07 September 2009
Feedback on draft from supervisor received. comments and suggestions taken into account and corrections have been made